OK, let me rephrase this. I have read many books, like O'Reilly's LDAP System Administration, or docs like http://tools.ietf.org/html/rfc4511#section-4.9, which explains this exactly:

   The Modify DN operation allows a client to change the Relative
   Distinguished Name (RDN) of an entry in the Directory and/or to move
   a subtree of entries to a new location in the Directory. The Modify
   DN Request is defined as follows:

        ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
             entry           LDAPDN,
             newrdn          RelativeLDAPDN,
             deleteoldrdn    BOOLEAN,
             newSuperior     [0] LDAPDN OPTIONAL }

   Fields of the Modify DN Request are:

   - entry: the name of the entry to be changed. This entry may or may
     not have subordinate entries.

   - newrdn: the new RDN of the entry. The value of the old RDN is
     supplied when moving the entry to a new superior without changing
     its RDN. Attribute values of the new RDN not matching any
     attribute value of the entry are added to the entry, and an
     appropriate error is returned if this fails.

I read the paragraph above, and it seems pretty straightforward. I believe I understand how it works, but when I try to apply this to what I need I don't know what to do. I can change the UID, or other fields from the users or groups, but I can change the dn.
For me OpenLDAP has been really hard to understand; it is really technical, and usually I am really good at this stuff. I am pretty sure I have huge gaps of knowledge that require more reading, and a better understanding of the standards. But that is why I usually ask here when I am stuck.
This is usually the last place I resort to when I don't have answers.
Thanks,
Juan Diego
----- Original Message -----
From: masarati@aero.polimi.it
To: "Juan Diego Calle" <juandiego.calle@soportelibre.com>
Cc: openldap-technical@openldap.org
Sent: Monday, September 12, 2011 4:08:57 PM GMT -05:00 Colombia
Subject: Re: Change a user dn
You didn't try all combinations of parameters, you need to be exhaustive
when doing trial and error, otherwise there is no guarantee you get to the
right combination in a finite amount of time. Or, you can read RFC4511
and find out how to do things right the first time.
p.
> Hi, thanks for the help. I have been trying a few things with ldapmodify.
>
> I need to modify the user from
> dn: uid=user1,ou=People,dc=mydomain,dc=com,
> to
> dn: uid=user1,ou=Group1,ou=People,dc=mydomain,dc=com,
>
> I have tried some of the following attempts:
>
> dn: uid=user1,ou=People,dc=mydomain,dc=com
> changetype: modify
> replace: dn
> dn: uid=user1,ou=Group1,ou=People,dc=mydomain,dc=com
>
> that, according to what I have read, doesn't work, because dn is not
> exactly like an attribute
>
> dn: uid=user1,ou=People,dc=mydomain,dc=com
> changeType: modrdn
> newRDN: uid=user1,ou=Group1,ou=People,dc=mydomain,dc=com
> deleteOldRDN: 1
>
> and this one gives me
>
> modifying rdn of entry "uid=user1,ou=People,dc=mydomain,dc=com"
> rename completed
> ldapmodify: Invalid DN syntax (34)
> additional info: invalid new RDN
>
> I don't know how to add an ou to the dn.
>
> Thanks
>
> ----- Original Message -----
> From: "Andrey A. Konovalov" <mudraia@list.ru>
> To: openldap-technical@openldap.org
> Sent: Friday, September 9, 2011 12:43:01 PM GMT -05:00 Colombia
> Subject: Re: Change a user dn
>
>> Hi
>>
>> I have Openldap with samba, and some users.
>> My users are part of ou=People,dc=mydomain,dc=com,
>> like this,
>> dn: uid=user1,ou=People,dc=mydomain,dc=com,
>>
>> So I wanted some of my users to be able to administer a group of users
>> and be able to create users, so a friend of mine recommended me to do
>> the following, create a group like this
>>
>> dn: cn=Admin Group1,cn=Admins,ou=People,dc=mydomain,dc=com,
>> objectClass: groupOfNames
>> objectClass: top
>> cn: Admin Group1
>> member: uid=adming1,ou=People,dc=mydomain,dc=com,
>>
>> and
>>
>> dn: ou=Group1,ou=People,dc=mydomain,dc=com
>> objectClass: organizationalUnit
>> objectClass: top
>> ou: U.A.A. Group1
>>
>> the users of this "group" would have to be
>>
>> dn: uid=user1,ou=Group1,ou=People,dc=mydomain,dc=com,
>>
>>
>> And with an ACL I give Admin Group1 users complete control over that
>> ou.
>>
>>
>> So this seems to work. But I already have users that use my LDAP. Is it
>> possible to change their dn? I am not clear on how to do this.
>>
>> Thanks,
>>
>> Juan Diego
>>
>
>
> Maybe,
> (do it with ldapmodify, for example)
> dn: uid=user1,dc=tratata,dc=com
> changeType: modrdn
> newRDN: user2
> deleteOldRDN: 1
>
> ???
> --
> Andrey A. Konovalov <mudraia@list.ru>
>
>
>
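
Added example, not part of any message in this thread: a Python sketch that builds the RFC 2849 LDIF `modrdn` change record for a move, putting only the leftmost RDN in `newrdn` and the new parent in `newsuperior` (the LDIF form of the `newSuperior` field quoted above). The function names `split_dn`, `ldif_line` and `move_ldif` are hypothetical, and case-insensitive string comparison is an assumption standing in for real DN matching.

```python
import base64
import re

# RFC 2849 SAFE-STRING: values outside this must be base64-encoded ("attr:: ...").
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def split_dn(dn):
    """Split a DN at its first unescaped comma into (rdn, parent_dn)."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":      # RFC 4514 escape: skip the escaped character
            i += 2
            continue
        if dn[i] == ",":
            return dn[:i], dn[i + 1:].lstrip()
        i += 1
    return dn, ""


def ldif_line(attr, value):
    """Emit one LDIF line, base64-encoding values that are not SAFE-STRING."""
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def move_ldif(old_dn, new_dn):
    """Build the modrdn change record that turns old_dn into new_dn."""
    old_rdn, old_parent = split_dn(old_dn)
    new_rdn, new_parent = split_dn(new_dn)
    if "=" not in new_rdn:
        raise ValueError("new DN does not start with an attr=value RDN")
    # Assumption: case-insensitive comparison stands in for real DN matching,
    # and the old RDN value is dropped only when the RDN actually changes.
    rdn_changed = old_rdn.lower() != new_rdn.lower()
    lines = [
        ldif_line("dn", old_dn),
        "changetype: modrdn",
        ldif_line("newrdn", new_rdn),          # one RDN only, never a full DN
        f"deleteoldrdn: {1 if rdn_changed else 0}",
    ]
    if old_parent.lower() != new_parent.lower():
        lines.append(ldif_line("newsuperior", new_parent))  # the new parent DN
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: the two DNs discussed in the thread.
    print(move_ldif("uid=user1,ou=People,dc=mydomain,dc=com",
                    "uid=user1,ou=Group1,ou=People,dc=mydomain,dc=com"))
```

The printed record is LDIF that `ldapmodify -f` accepts as input; review it before applying it to a live directory.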